ghosts in the wire (or rock out with your hack out)

rainy day scripting ideas – port scanners

If you’re looking for something to do with Perl (or Python or other scripting languages you’d like to play with), you can always make a quick and dirty port scanner. For instance, like this SSH port scanner script. Just looking at the code, it isn’t something that uses a specific SSH client or anything; it simply tries to connect to port 22, so you can change the port to create a scanner for any other service.

And this can be built upon very easily by searching for other examples, like a more robust port scanner in Perl. You can scan more ports or a list of ports, or replace the random IP address with a static list that you supply.

Even better, get a port scanner on every system in an environment without having to rely on an installed scripting environment…enter PowerShell! Yes, start playing with port scanning using PowerShell scripting. This is arguably a bit better than installing the Telnet client on current Windows server boxes every time you want to troubleshoot network connectivity.

Is this useful? Absolutely. From both offense and defense, you can find specific things in an environment that may run on a weird port, or on common ports like SSH. Scan your network space from your own admin VLAN to find lost devices that aren’t in inventory but weren’t properly decommissioned, or maybe that test Linux VM someone stood up last year that was supposed to be temporary. Tools like this can be used to test and validate firewall rules, which always sounds easy on paper, but is not necessarily so when you really get deep and dirty with it.

This can also be used to test security detection processes, like network IDS/IPS. Catching sequential or even random (but large volume) scans should be something easy to accomplish and test. You can even add some waits/pauses to the script to slow the scan down and watch the behavior of your IDS/IPS versus the time it takes an attacker to get useful information off your network. Need to test your IDS/IPS for an auditor? Creating easy but relatively benign alerts in a few different ways is useful (like triggering a WAF with a GET to cmd.exe or something).
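Here is the quick-and-dirty connect scanner described above, written in Python as an added example (not the Perl or PowerShell scripts this post links to): a configurable host list and port list, a per-probe timeout, and the delay knob for slowing the scan down while you watch the IDS/IPS. The `run_loopback_demo` fixture is constructed so the example runs offline against a listener on 127.0.0.1 rather than any real network.

```python
import socket
import time


def check_port(host, port, timeout=0.5):
    """Return True if a TCP connect to host:port completes within timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return True
        except OSError:  # refused, timed out, unreachable, etc.
            return False


def scan(hosts, ports, timeout=0.5, delay=0.0):
    """Connect-scan every host/port pair, sleeping `delay` seconds between
    probes so the scan rate can be tuned when testing detection."""
    results = {}
    for host in hosts:
        for port in ports:
            results[(host, port)] = check_port(host, port, timeout)
            if delay:
                time.sleep(delay)
    return results


def open_ports(results):
    """Sorted list of (host, port) pairs that accepted a connection."""
    return sorted(hp for hp, is_open in results.items() if is_open)


def run_loopback_demo(delay=0.0):
    """Constructed fixture: listen on an ephemeral loopback port, pick a second
    loopback port that is known to be closed, scan both, and return
    (open_port, closed_port, results) so the behaviour can be checked offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    open_port = srv.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # released, so nothing listens there now
    try:
        results = scan(["127.0.0.1"], [open_port, closed_port], 1.0, delay)
    finally:
        srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    o, c, res = run_loopback_demo(delay=0.1)
    print("open:", open_ports(res), "closed:", [("127.0.0.1", c)])
```

Swap the host list for your admin VLAN range and the port list for whatever you are hunting (22 for stray SSH boxes) to reproduce the inventory sweep the post describes.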